Exam AWS Certified DevOps Engineer - Professional DOP-C02 topic 1 question 15 discussion

To run an application, a DevOps engineer launches an Amazon EC2 instance with public IP addresses in a public subnet. A user data script obtains the application artifacts and installs them on the instances upon launch. A change to the security classification of the application now requires the instances to run with no access to the internet. While the instances launch successfully and show as healthy, the application does not seem to be installed.
Which of the following should successfully install the application while complying with the new rule?

  • A. Launch the instances in a public subnet with Elastic IP addresses attached. Once the application is installed and running, run a script to disassociate the Elastic IP addresses afterwards.
  • B. Set up a NAT gateway. Deploy the EC2 instances to a private subnet. Update the private subnet's route table to use the NAT gateway as the default route.
  • C. Publish the application artifacts to an Amazon S3 bucket and create a VPC endpoint for S3. Assign an IAM instance profile to the EC2 instances so they can read the application artifacts from the S3 bucket.
  • D. Create a security group for the application instances and allow only outbound traffic to the artifact repository. Remove the security group rule once the install is complete.
Suggested Answer: C

Comments

z_inderjot
Highly Voted 1 year, 4 months ago
Selected Answer: C
C is the answer. Though we can use both B and C, since we only want to download the package at the time of initialization, there is no need to have continuous access to the internet. Therefore, it is cheap and optimal to use S3.
upvoted 8 times
...
namtp
Most Recent 9 months ago
Selected Answer: C
C is the correct answer. No access to the internet but connect to AWS services => private endpoint
upvoted 1 times
...
thanhnv142
1 year, 3 months ago
C is correct: all other options utilize internet connections
upvoted 3 times
...
harithzainudin
1 year, 4 months ago
Selected Answer: C
C is the correct one. All other options will allow internet access, which is not compliant with the reqs.
upvoted 3 times
...
zolthar_z
1 year, 5 months ago
Selected Answer: C
C: Can't be B because with the NAT the EC2 still has internet access
upvoted 3 times
...
robertohyena
1 year, 5 months ago
C is the correct answer. A, B and D are not correct. Keywords: "requires the instances to run with no access to the internet"
upvoted 2 times
rowanwally
1 year, 5 months ago
Is the dump still valid?
upvoted 1 times
...
...
bosmanx
1 year, 6 months ago
Selected Answer: C
B is incorrect, the new policy is "no access to the internet"
upvoted 2 times
...
DevopsNoob
1 year, 6 months ago
C is the answer. B would enable internet access from the instance.
upvoted 1 times
...
Ffida
1 year, 7 months ago
C is correct and B, which is specifically for NAT. In the question they have asked for no internet access from the instance, so if we enable NAT then no one from outside can access the instance, but the internet will be accessible on the instance using NAT.
upvoted 1 times
...
ataince
1 year, 7 months ago
C is correct. B: "instances to run with no access to the internet", so you cannot use NAT.
upvoted 1 times
...
DaddyDee
1 year, 8 months ago
C is the answer, you can use artifacts in S3 with VPC endpoints. With a gateway endpoint, you can access Amazon S3 from your VPC, without requiring an internet gateway or NAT device for your VPC, and with no additional cost. https://repost.aws/knowledge-center/ec2-systems-manager-vpc-endpoints https://docs.aws.amazon.com/vpc/latest/privatelink/vpc-endpoints-s3.html
upvoted 2 times
...
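The difference between options B and C shows up in the subnet's route table. The following is an added example, not part of the original thread: a check over route tables shaped like `aws ec2 describe-route-tables` output that flags internet egress routes and recognises a gateway endpoint route. All IDs and CIDR blocks are constructed placeholders.

```python
"""Check subnet route tables (shape of `aws ec2 describe-route-tables` output)
for internet egress routes and for a gateway VPC endpoint route."""

# Constructed sample data; every ID below is a placeholder, not a value from the page.
LOCAL = {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"}
ORIGINAL_PUBLIC = {"Routes": [LOCAL,
    {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0example", "State": "active"}]}
OPTION_B_NAT = {"Routes": [LOCAL,
    {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-0example", "State": "active"}]}
OPTION_C_ENDPOINT = {"Routes": [LOCAL,
    {"DestinationPrefixListId": "pl-0example", "GatewayId": "vpce-0example", "State": "active"}]}
ISOLATED = {"Routes": [LOCAL]}

# Route targets that give instances a path to the internet. A default route to
# another target (NAT instance, transit gateway) needs separate review.
INTERNET_TARGET_KEYS = ("NatGatewayId", "EgressOnlyInternetGatewayId")


def internet_routes(route_table):
    """Return active routes that target an internet gateway, NAT gateway or egress-only IGW."""
    found = []
    for route in route_table.get("Routes", []):
        if route.get("State") != "active":
            continue
        via_igw = route.get("GatewayId", "").startswith("igw-")
        if via_igw or any(route.get(key) for key in INTERNET_TARGET_KEYS):
            found.append(route)
    return found


def has_gateway_endpoint_route(route_table):
    """True if an active route sends a service prefix list to a gateway VPC endpoint."""
    return any(
        route.get("State") == "active"
        and route.get("DestinationPrefixListId")
        and route.get("GatewayId", "").startswith("vpce-")
        for route in route_table.get("Routes", [])
    )


def assess(route_table):
    """Classify a route table against the 'no access to the internet' requirement."""
    if internet_routes(route_table):
        return "non-compliant: internet egress route present"
    if has_gateway_endpoint_route(route_table):
        return "compliant: private route to an AWS service via gateway endpoint"
    # Matches the symptom in the question: instance is healthy, install cannot fetch artifacts.
    return "compliant but isolated: no gateway endpoint route"
```

The prefix list ID identifies which service the endpoint route covers, so a full check would also confirm it resolves to S3 in the instance's Region.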
rahulsingha2112
1 year, 8 months ago
C is correct, as the solution required no internet access.
upvoted 1 times
...
ggrodskiy
1 year, 8 months ago
Correct C.
upvoted 1 times
...
madperro
1 year, 11 months ago
Selected Answer: C
C is the answer. B gives the instances access to the Internet.
upvoted 1 times
...
rdoty
1 year, 11 months ago
Selected Answer: C
Def C, all others include access to the internet
upvoted 1 times
...
ProfXsamson
1 year, 11 months ago
This is supposed to be a Choose two answer. BC
upvoted 1 times
...
Akaza
1 year, 11 months ago
NAT GW for me
upvoted 1 times
...